HACKED THIS AFTERNOON! PLEASE HELP!

[Steamy27]

Any help here would be extremely helpful. Help, resoureces.. contacts. anything.

I got hacked this afternoon.. first my email accounts (all of them), then my phone, then my computer.. one right after the other.

I still do not have access to email (gmail won't let me in via 2FA). I just regained control of my phone and 2FA.. Logged in to both my Bittrex and Binance accounts and am missing almost everything.. Binance is empty.. Bittrex everything has been consolidated into Bitcoin and is likely ready to send out into space.. As soon as seeing my bittrex portfolio, i was locked out..

Any input is greatly appreciated.. This is a significant amount crypto..

Help

[1713557577]

1713557577

[1713557577]

1713557577

[HCP]

About all I can advise is trying to follow the steps here to regain control of your Gmail: https://support.google.com/accounts/answer/6294825

Sadly, as for all the crypto, that's gone... your chances of recovery are basically nil.

You can try contacting the exchanges, but usually they'll just lock your accounts... and unless you had completed KYC and are verified, getting them back will be difficult.

[Steamy27]

Thanks for the reply HCP..

Sad day  :

Working on the gmail issues.. All of my recovery email addresses were compromised as well... hence me being pretty handcuffed on the email front..

I have reached out to Bittrex and Binance to freeze accounts.. Binance has done so but not in time.. KYC'd in both exchanges.

Here is the transaction out of my account: https://bitcoinwhoswho.com/address/1CenzCoKFoQyBdFbi1uYU1DEmyQFyM8cfm/urlid/13236721
This was a very very sophisticated attack.. I was simultaneously hacked at 2 email addresses.. I phone.. Multiple mac computers.. At&T (they changed my ssn and disconnected my phone!)..

At a loss.. total loss..

[Yaunfitda]

Sorry to hear what had happened to you. 

Since crypto transaction is irreversible, you can't do anything about it. I will just advise you to just take some time off to at least recover emotionally.

[NeuroticFish]

Bittrex everything has been consolidated into Bitcoin and is likely ready to send out into space.. As soon as seeing my bittrex portfolio, i was locked out..

The chances are tiny, but try to contact Bittrex support and tell that your account is hacked.
If they see it in time, maybe they can prevent the funds getting sent out and they'll do a thorough verification of identity.

[nc50lc]

Hacker must have already acquired most of your accounts earlier than the incident but waited for the right moment (recovery emails and info) to execute the transfers and all things that can slow down your recovery attempt.

For the culprit: All Devices including your Mac PCs were compromised.... it must be a DNSChanger virus or later variants that targets routers.
Take note that it's not limited to displaying malicious ads but also able to redirect you to phishing sites which might be the cause of the multiple account hacks.
Try to look for the browsing history for questionable URLs since even started from a bookmark, that virus can redirect you to a fake site.

[bob123]

This is an ultimate MCA. I am sorry to hear that.

Unfortunately we can't change it anymore, but the way it happened means that your whole network is compromised.

You need to get rid of this as fast as possible.


I suggest you do the following:
- Disconnect from the internet and don't connect anymore until you have cleaned everything.
- Make a backup of all relevant files (wallet files, documents, pictures, etc.. )
- Completely wipe (format) your hard drives (all of them; format your PC, factory-reset your mobile, if you have IoT-devices, factory reset them, ...)
- In the meantime try to regain access to your accounts from a clean device outside of your home network
- Reinstall your Operating system (please do not use cracked windows software or something like that, they are ALWAYS infected).
- Reconnect to the internet. From this point you can change passwords etc. using this device on your home network.

This is the only correct way of minimizing the damage.


Also, it is important to find out how this happened to not let it happen again in the future.
At least you should not store any coins on any online service (e.c. exchange) anymore and use a hardware wallet to store your coins.

[nutildah]

Thanks for the reply HCP..

Sad day  :

Working on the gmail issues.. All of my recovery email addresses were compromised as well... hence me being pretty handcuffed on the email front..

I have reached out to Bittrex and Binance to freeze accounts.. Binance has done so but not in time.. KYC'd in both exchanges.

Here is the transaction out of my account: https://bitcoinwhoswho.com/address/1CenzCoKFoQyBdFbi1uYU1DEmyQFyM8cfm/urlid/13236721
This was a very very sophisticated attack.. I was simultaneously hacked at 2 email addresses.. I phone.. Multiple mac computers.. At&T (they changed my ssn and disconnected my phone!)..

At a loss.. total loss..

The block explorer says you still have 24.6995 BTC at this address -- I'm taking it you don't have the private key to this address? If you did, the obvious thing to do would be to import it into another wallet; preferably on a device you know isn't connected to the hacking. If you don't, sorry to hear about your loss. That's truly awful and I hope you somehow recover at least some of it.

[Lucius]

Steamy27, I'm sorry for your loss, but you should have been a lot smarter and never hold such a quantity of coins on crypto exchanges. Simple desktop wallet would save you, and I do not have to mention how much security would you have with any hardware wallet which is cost 50$ or something like that.

By the way you are hacked it is obvious that you were the calculated target, so think who else is know that you hold such amount of coins? Did you tell your friends, acquaintances or family members? Although the chances are very small, maybe police can do something if you collect enough data and make a report.

The block explorer says you still have 24.6995 BTC at this address -- I'm taking it you don't have the private key to this address? If you did, the obvious thing to do would be to import it into another wallet; preferably on a device you know isn't connected to the hacking.

Unfortunately exchanges do not give the possibility of exporting private keys, and because of that coins stored there are not just owned by owner, but also by exchange and anyone who can hack such service.

[posi]

Thanks for the reply HCP..

Sad day  :

Working on the gmail issues.. All of my recovery email addresses were compromised as well... hence me being pretty handcuffed on the email front..

I have reached out to Bittrex and Binance to freeze accounts.. Binance has done so but not in time.. KYC'd in both exchanges.

Here is the transaction out of my account: https://bitcoinwhoswho.com/address/1CenzCoKFoQyBdFbi1uYU1DEmyQFyM8cfm/urlid/13236721
This was a very very sophisticated attack.. I was simultaneously hacked at 2 email addresses.. I phone.. Multiple mac computers.. At&T (they changed my ssn and disconnected my phone!)..

At a loss.. total loss..

I'm really sorry for your loss. I will advice you to do all the calling using a new phone but I was surprised all your phones, email and computer were hacked and would like to ask you some few question.
How many people know you holder some crypto?
Do you share your computer?
Do you expose your SSN in the last 3 months, save it on phone etc or apply an anonymous registration which require your private info?

[Lucasgabd]

I'm really sorry for your loss, hope you can make it back again double of what you have!

adding to posi, I'm really curious on how this attack happened and what was the security breach, since you had 2FA on all exchanges and on email.

did anybody had physical access to your mobile phone?
which was the version of your iphone and how do you think the 2FA got copromised?

any info on this can possibly save other people to suffer the same kind of hack

[mgoz]

If you follow the addresses they split transactions up on, 3BXTZHn8h7v69KoZTnnTU3Qj9TxBejLX9T is associated with BTC ransomware and blackmail scam. I've seen some of those spoofed emails have actual passwords in them to make them more worrisome, so there have definitely been database breaches. If you used the same email/password for everything it could be from whatever breach they obtained those passwords from or a simple phishing scam with fake login. Could have also been a more sophisticated, targeted attack, and only way to try and find out would be to do a full forensic examination of your computers and devices. I'd make forensic copies of everything and then wipe the originals before going back online.

[posi]

If you follow the addresses they split transactions up on, 3BXTZHn8h7v69KoZTnnTU3Qj9TxBejLX9T is associated with BTC ransomware and blackmail scam. I've seen some of those spoofed emails have actual passwords in them to make them more worrisome, so there have definitely been database breaches. If you used the same email/password for everything it could be from whatever breach they obtained those passwords from or a simple phishing scam with fake login. Could have also been a more sophisticated, targeted attack, and only way to try and find out would be to do a full forensic examination of your computers and devices. I'd make forensic copies of everything and then wipe the originals before going back online.

You might be right about the computer issue cause the OP said he's using mac computers but the part of his phone also been hacked another thing and I believed it might be an inside job done by the person that knew the OP which I asked him the previous question but the OP was not online since his last reply.

[Xylber]

Big companies are being hacked everyday, and big chunks of private emails and passwords are being sold on the deep web. I lost some accounts (related to gambling websites and some social networks, not crypto), when Epic/Unreal was hacked some years ago. The damage was minimal anyway, but since then I have a different password for each website.

So, I would'nt make the OP completely responsible for the security, you can be hacked by the failures of third parties.

[Artemis3]

Big companies are being hacked everyday, and big chunks of private emails and passwords are being sold on the deep web. I lost some accounts (related to gambling websites and some social networks, not crypto), when Epic/Unreal was hacked some years ago. The damage was minimal anyway, but since then I have a different password for each website.

So, I would'nt make the OP completely responsible for the security, you can be hacked by the failures of third parties.

This is why its critical to never repeat passwords anywhere. First thing they do when they obtain password databases is to try them elsewhere. People can't remember a thousand sites passwords, but they can remember a very good password for a password manager running in a secure OS. Of course you should run a secure OS always (ie. Linux).

And your passwords shouldn't be trivial. Password managers have good random password generators, you should aim for (at least) 16 char long passwords using all char type groups first (ie. letters, numbers, caps, symbols).

I would advise the OP to download a live linux iso and use that in a thumbdrive and boot the computer from it. always have one of those ready.

Why, oh why is it only after people lose money that they start to pay attention? If you haven't been harmed yet, Do it now™; drop windows today, no more excuses.

Then, no "easy passwords", no repeating passwords. Careful with the 2FA, they are double edged swords, not universal protection. Keep major amounts in cold wallets, no excuses for that either. Exchanges learned that lesson the hard way, so should you...

So now its too late for (yet another) poster. Is it late for you the reader? Best OP can do now is report to authorities, probably will never see anything of it back again.

Remember this: When you use crypto, you are your own bank. Act responsibly.

[Xylber]

Big companies are being hacked everyday, and big chunks of private emails and passwords are being sold on the deep web. I lost some accounts (related to gambling websites and some social networks, not crypto), when Epic/Unreal was hacked some years ago. The damage was minimal anyway, but since then I have a different password for each website.

So, I would'nt make the OP completely responsible for the security, you can be hacked by the failures of third parties.

This is why its critical to never repeat passwords anywhere. First thing they do when they obtain password databases is to try them elsewhere.

I understand that my case was completely my fault (same pass on every site), and the reason is laziness, ignorance, or thinking it will never happens to you. I can't say the OP was hacked the same way that I was, anyway, it could be his fault or a website leaking his data: once they have access to an email address, they got access to all other sites, it doesn't matters if you have one password for each one.

Big companies are being hacked everyday, and big chunks of private emails and passwords are being sold on the deep web. I lost some accounts (related to gambling websites and some social networks, not crypto), when Epic/Unreal was hacked some years ago. The damage was minimal anyway, but since then I have a different password for each website.

So, I would'nt make the OP completely responsible for the security, you can be hacked by the failures of third parties.

I would advise the OP to download a live linux iso and use that in a thumbdrive and boot the computer from it. always have one of those ready.

Why, oh why is it only after people lose money that they start to pay attention? If you haven't been harmed yet, Do it now™; drop windows today, no more excuses.

I recommend the same, Windows is a spyware for itself, they are more busy spying on your biometrical data than on bringing security. I'm a total Linux noob, but I started using Ubuntu this year, learned GIMP to replace Photoshop, and I still need to buy a BricsCAD license to replace Autocad, to fully get rid of Windows for ever. I also recommend Linux Tails in a thumbdrive for important transactions.

[Artemis3]

I understand that my case was completely my fault (same pass on every site), and the reason is laziness, ignorance, or thinking it will never happens to you. I can't say the OP was hacked the same way that I was, anyway, it could be his fault or a website leaking his data: once they have access to an email address, they got access to all other sites, it doesn't matters if you have one password for each one.

I recommend the same, Windows is a spyware for itself, they are more busy spying on your biometrical data than on bringing security. I'm a total Linux noob, but I started using Ubuntu this year, learned GIMP to replace Photoshop, and I still need to buy a BricsCAD license to replace Autocad, to fully get rid of Windows for ever. I also recommend Linux Tails in a thumbdrive for important transactions.

Email access doesn't necessarily means they can get you, many sites ask you security questions before sending you a new password to your email, it depends on the site. If you are smart, you don't use a normal answer to the security question, but instead use random generated passwords as response for each different security question (you can store those in your password manager the same way).

If the site simply sends you a new password over email when you request it, that site has a very poor design. In this day and age, that's unacceptable. Some form of challenge should be expected. Often a weakness here is people using dumb simple answers to the security questions.

Windows has a LONG history of security breaches. Problem is, its full of holes, several undocumented. Once a malicious individual finds one, it can keep it to himself until the day he wants to use it. In open source, the same thing can occur, BUT  more often than not a thid party finds it and alerts the community. This cannot happen with closed software where its impossible to audit the code, or can only be audited by too small a limited group for a short period of time; meaning several bugs and flaws remain hidden for decades. The software development model (open vs closed) is one of the main reasons for insecure software, but its not the only one. It is however harder to secure closed since its harder to find the flaws than open.

There is no such thing as security by obscurity. A common cryptography tradition is: show your algorithm, so the community as a whole can audit it and give its blessing or find its faults. you know, basic science. Keep it hidden, nobody will trust it as its likely full of flaws. Software is the same.

[bob123]

Of course you should run a secure OS always (ie. Linux).

While i agree that it is safer to use Linux, i would not agree that linux is a more secure OS per se.

It is the configuration of your computer, software, network which makes your system secure or not secure.

More than 90% of the malware is written for windows.. but this still doesn't mean that you are more secure (especially not in a targeted attack).
In a targeted attack it doesn't matter at all which OS you are using. Bugs and exploits exist (and can be found) for every OS / system setup.


Generally, yes. Linux is safer (out-of-the-box). And you are more secured against the day-to-day threats, yes.
But saying linux is more secure per se, is kind of wrong.

And your passwords shouldn't be trivial. Password managers have good random password generators, you should aim for (at least) 16 char long passwords using all char type groups first (ie. letters, numbers, caps, symbols).

Password managers are a good idea, yes.
But in some cases you need to memorize your password (e.g. for an account you need to log into from different devices from different networks).
In this case you need some password you can memorize.

Then, you can easily go without special chars by increasing the length.

An explanation on length beats complexity regarding password security: https://bitcointalk.org/index.php?topic=5132378.msg50625648#msg50625648

I would advise the OP to download a live linux iso and use that in a thumbdrive and boot the computer from it. always have one of those ready.

Definitely, but maybe not manjaro.

For a linux newbie, some easier-to-learn distro might be more helpful (e.g. ubuntu / mint).

[Lauda]

While i agree that it is safer to use Linux, i would not agree that linux is a more secure OS per se.

Then you need to do a lot more reading. When compared: Windows = swiss cheese; Linux = brick wall.

But saying linux is more secure per se, is kind of wrong.

Is not.
For the sake of reference: the last time anything running Linux that I've seen was compromised was never. The again, that might be partially because of proper security practices.

[bob123]

Then you need to do a lot more reading. When compared: Windows = swiss cheese; Linux = brick wall.

And dynamite will destroy both.

With proper network- / privileges-management and some common sense a windows network can be as secure as a linux network.

It all depends on the security mechanism / -management.
A miserably managed linux network is way more prone to being compromised than a moderately good managed windows network.

But saying linux is more secure per se, is kind of wrong.

Is not.
For the sake of reference: the last time anything running Linux that I've seen was compromised was never. The again, that might be partially because of proper security practices.

So.. you mean there never were linux kernel exploits, privilege escalations or any other exploits which only affected linux and were severe (*cough*  shellshock  *cough*) ?


Just because the majority of malware doesn't work on linux, it doesn't mean that linux is more secure.

If you consider a non-techy guy who barely can open his browser and type into google.
Without any security practices, it is not harder to compromise his computer running linux than if he would use windows. Same applies to a MAC, iOS, android etc..

Most people using linux do have more clue regarding IT / security / etc.. And that's the reason why it is 'easier' to compromise a windows system. Most windows user just don't know what they are doing at all..